Question about LDAP backend
Simo Sorce
simo at redhat.com
Wed Jul 25 14:42:20 EDT 2012
On Wed, 2012-07-25 at 20:20 +0200, Javier Palacios wrote:
> On Wed, Jul 25, 2012 at 6:13 PM, Greg Hudson <ghudson at mit.edu> wrote:
>
> > On 07/25/2012 05:26 AM, Javier Palacios wrote:
> > > But looks like ldapi is just ignored by kdb5_ldap_util. Does anyone else
> > > have some idea or should I file a bug report?
> >
> > We don't have support for SASL authentication in our LDAP back end, so
> > the KDC can't use SASL EXTERNAL to autobind over ldap. So you still
> > have to specify a BIND DN and password like you would normally.
> >
>
> OK. But as far as I understand, SASL EXTERNAL is somewhat equivalent to
> ldapi, and documentation states that ldapi is a valid protocol to
> communicate with ldap, which does not look the case.
SASL EXTERNAL is an authentication mechanism
ldapi is the communication channel on which the protocol is transmitted
They are totally orthogonal.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Kerberos
mailing list